The basics of PCI DSS compliance validation

While there are many aspects to data security, protecting your business from a data breach starts with a good foundation. Businesses that complete PCI DSS compliance validation have not only taken the first steps in guarding against a costly breach event, but also protect themselves from card brand non-compliance fines, fees, and assessments for forensic investigations, fraudulent purchases, and the cost of re-issuing cards. Current card brand regulations and certain state laws place more responsibility on businesses to protect cardholder payment data. There are information security standards for organizations that store, process, or transmit payment card data called Payment Card Industry Data Security Standard (PCI DSS). Failure to meet established industry and regulatory data security standards can result in fines, fees, a loss of income, and negative brand perception.

Four merchant levels of PCI DSS compliance

There are four merchant levels for PCI DSS compliance:

Level 1: Merchants processing over 6 million card transactions per year.
Level 2: Merchants processing 1 to 6 million transactions per year.
Level 3: Merchants handling 20,000 to 1 million transactions per year.
Level 4: Merchants handling fewer than 20,000 transactions per year.

Level 1: Merchants processing more than 6 million credit or debit card transactions annually. Report of compliance must be conducted by an authorized Qualified Security Assessor (QSA), and must undergo an internal audit once a year. Additionally, once a quarter, they must submit to a network scan by an Approved Scanning Vendor (ASV).

Level 2: Merchants processing between 1 and 6 million card-present credit or debit card transactions annually. They’re required to complete an assessment once a year using a Self-Assessment Questionnaire (SAQ). Additionally, a required quarterly network scan must be provided by an ASV.

Level 3: Merchants processing between 20,000 and 1 million transactions annually. They must complete a yearly assessment using the relevant SAQ. Additionally, a required quarterly network scan must be provided by an ASV.

Level 4: Merchants processing fewer than 20,000 transactions annually, or those that process up to 1 million transactions. A yearly assessment using the relevant SAQ must be completed or other alternative validation exercise as defined by the acquirer and a quarterly network scan may also be required from an ASV.

Elavon PCI solutions

Breach assistance
Elavon’s PCI program offers up to $20,000 per incident per MID of breach assistance per Customer ID number if you are enrolled and have validated your PCI DSS compliance.

The online portal takes you step-by-step through the PCI DSS compliance validation process, including assistance with the PCI Self-Assessment Questionnaire (SAQ) and network vulnerability scanning (if applicable).

Access to valuable tips, information and best practices that make it easy to understand how you can safeguard your business and your customer payment data.

Access to Elavon PCI professionals when you need it. We have answers to your PCI DSS questions through online help, email, and phone.


Request a call back

We want to hear from you. If you are interested in setting up a new merchant account with us, please contact us through the form below and we'll call between the hours of 9:00 AM and 7:00 PM EST, Monday-Friday. If you require assistance with an existing account, please call our customer service line 24/7.

This contact form is for Canadian customers only. If you are looking for one of our other locations, please visit to find your country or region.

Privacy agreement


This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.



Monday - Friday
9:00 AM - 7:00 PM EST

Customer service

Available 24/7